DETAILED ACTION

The instant application having Application No. 10/598875 is presented for 
examination by the examiner. Claims 26, 28, 30-31, and 50 have been amended. 
Claims 25 and 27, 29, and 32-49 have been canceled. Claims 51-69 have been added. 
Claims 26, 28, 30, 31, 50-69 remain pending. 

Response to Amendment 

Claim Objections 

Claim 65 is objected to because of the following informalities: 

As per claim 65, it is missing its dependent claim by number. It is assumed 65 is 
dependent from 62. 

Specification 

The specification is objected to because the references, non-patent document 1 
and 2 can simply be incorporated by reference into the specification. There is no need 
for the use of reference linking as seen on page two of the written description. 



Claim Rejections - 35 USC §112 
Current amendments overcome the previous 112 rejections. However, the new
claims are rejected under 35 USC 112.

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 54-69 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

As per claim 54, it is unclear which aspect of the invention is being claimed. The 
claim recites a system in the preamble but then discloses a method. As a system claim, 
the limitations of the method would not be given patentable weight. Only the limitations 
of the system, namely, a first server and a computer readable storage medium would be 
given patentable weight. Apparatus claims are distinguishable from the prior art by 
structure not function. The intended use (the method) is not distinguishable. For this 
Office Action, Examiner is rejecting the limitations of the method with prior art on the 
idea that Applicant will properly amend the claim to give those features patentable 
weight. Claims 55-61 are likewise rejected. 

Also claim 54 is rejected for being indefinite with respect to the first server. It is 
unclear what is intended by recitation, "a first server being comprised by a plurality of 
servers". The federated environment would comprise the first server and a plurality of 
servers. 

As per claims 62-69, they are similarly rejected for the reasons listed for claim 54 with
respect to the claimed aspect of the invention.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 54-69 are rejected under 35 U.S.C. 101 because the claimed invention
does not squarely fall within one statutory class of invention. Claims 54-61 claim both a
system and a process. Claims 62-69 claim both a computer program product (article of
manufacture) and a process.

Response to Arguments 

Applicant's arguments with respect to claims 26, 28, 30, 31, and 50 have been
considered but are moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 



Application/Control Number: 10/598,875

Art Unit: 2431 

Claims 26, 54, and 62 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over USP 2004/0002878 to Hinton in view of USP Application Publication 
2004/0210767 to Sinclair et al., hereinafter Sinclair. 

As per claims 26, 54, and 62, Hinton teaches a method for recording server 
authentication information, comprising: 

establishing, by a first server of a plurality of servers in a federated computing 
environment, a trusting relationship between the first server and a second server of the 
plurality of servers (0046) wherein said establishing the trusting relationship comprises 
exchanging, by the first server, an electronic certificate of the first server with an 
electronic certificate of the second server in accordance with a Public Key Infrastructure 
(PKI) method (0047); 

after said establishing the trusting relationship, obtaining by the first server an 
authentication policy of the second server, wherein an authentication policy for each 
server of the plurality of servers is defined as at least one rule [rule set] of each server 
for authenticating users of the federated computing environment (0067). Hinton is silent 
in explicitly teaching registering by the first server the authentication policy of the 
second server within the first server after said obtaining the authentication policy of the 
second server. Sinclair teaches after said obtaining the authentication policy of the 
second server, registering by the first server the authentication policy of the second 
server within the first server [data is replicated into the first server from the other 
servers, 0024]. Registering the authentication policies along with the servers would 
allow the user to authenticate without having to provide or choose the server in which
he/she wants to authenticate with. If the first server registers the policies of the other
trusted servers it would cut down on the information needed to be sent during sign-on.
This change would then streamline the sign-on process making it more efficient. It is
within the ordinary capabilities of one of ordinary skill in the art to substitute known
methods which produce predictable results. Hinton already teaches the first server can
provide authentication functions to users of the local domain (0049). By copying the
policies of other trusted domains, the first server would be able to quickly authenticate
users from other domains by "pre-fetching" the other domains' policies. Hinton takes
single sign-on to the point where a user only has to be authenticated once in a
federated environment. Sinclair takes single sign-on one step further by only needing
the user to interact with any single server in order to authenticate in the domain. So
many sign-ons with many different servers are reduced to one sign-on with one server
without even having to necessarily interact with other servers during the sign-on
process.

Claims 28, 55, and 63 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Hinton and Sinclair as applied to claims 26, 54, and 62 and in further view of USP 
Application Publication 2001/0048025 to Shinn. 

As per claims 28, 55, and 63, Hinton does not explicitly teach the at least one 
rule includes a data size for fingerprint authentication, a data size for voice print 
authentication, or a combination thereof. Hinton teaches users may contract for
different strengths of various authentication schemes. The strengths of passwords or
biometric templates are known by their data size. The more bits the more strength.
Shinn teaches the use of a biometric template used in authenticating fingerprints and
voice prints (0033) which are two types of biometric authentication sources. Therefore it
would have been obvious to one of ordinary skill in the art at the time of the invention to
explicitly use fingerprints and voice print authentication within the system of Hinton
because these are well known types of authentication sources. The size of the template
dictates the strength and this too is notoriously well known in the art. These types of
parameters [key length] are used in defining policies relating to security strength.
Biometric templates are converted into a binary unit and serve the same purpose as a
password (key).

Claims 30, 56, and 64 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Hinton and Sinclair as applied to claims 26, 54, and 62 and in further view of USP 
Application Publication 2002/0091928 to Bouchard et al., hereinafter Bouchard. 

As per claims 30, 56, and 64, Examiner supplies the same rationale for 
combining the registering of the authentication policy of the second server into the first 
server's authentication policy as recited in the rejection of claim 26. Hinton teaches an 
authentication policy table where the lists of the other trusted servers are stored (0060). 
It is inherent that the address or location to those servers is maintained as well in order
to communicate with them. Hinton fails to teach a relative priority of each server of a
group of servers having a same authentication policy in the authentication policy table. 
Bouchard teaches a system in which multiple servers can designate priority to other 
servers for authentication in order to balance the load of the system (0047). Load 
balancing in computer networks is well known in the art. Assigning priority to servers is 
also well known in the art. In a load balancing system, the systems with the least 
amount of load have the higher priority in determining which server to communicate 
with. And conversely, those servers which have the highest amount of traffic are the 
least likely to be requested. Combining known methods in the art and yielding
predictable results is within the ordinary capabilities of one of ordinary skill in the art.
Therefore the claim is obvious in view of the teachings in the two references. One of 
ordinary skill could have maintained a priority list to balance the load of the network. If 
all the servers are able to perform authentication, it is obvious that they can share in 
those duties so that one is not overwhelmed. 

Claims 31, 57, and 65 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Hinton and Sinclair as applied to claims 26, 54, and 62 and in further view of USP 
Application Publication 2004/0107212 to Friedrich et al., hereinafter Friedrich. 

As per claims 31, 57, and 65, Examiner supplies the same rationale for
combining the registering of the authentication policy of the second server into the first
server's authentication policy as recited in the rejection of claim 26. Hinton teaches an
authentication policy table where the lists of the other trusted servers are stored (0060). 

Hinton teaches servers can communicate through the LDAP protocol (0029).
Hinton teaches the authentication policy of the second server is identical to an
authentication policy of the first server [servers of the same federated environment;
0011]. Hinton does not explicitly teach wherein a first common identifier (ID) exists in
an authentication information Lightweight Directory Access Protocol (LDAP) of the first 
server and in an authentication information LDAP of the second server, wherein the first 
common user ID is used by a first user in the first server and by a second user in the 
second server such that the second user differs from the first user, and wherein the 
method further comprises: after said registering the authentication policy of the second 
server, registering by the first server the first common user ID in a exceptional ID table 
of the first server, wherein the exceptional ID table of the first server stores common 
user IDs and an indication of one or more servers associated with each common user 
ID stored in the exceptional ID table of the first server. In Sinclair's system combined 
with Hinton, multiple servers combine together their known authentication policies 
including those users belonging to each server. It is not unreasonable for one of 
ordinary skill to consider what would happen if the same user ID existed in both groups.
LDAP which is notoriously well known in the art and taught by Hinton and Friedrich, 
handles this occurrence through home repositories which are unique to each user even 
if the user name is common. Friedrich addresses this situation by maintaining the home 
repository of each user in conjunction with a unique identifier (probably the SID or some 
other unique attribute to the user) (0033). This solves the problem of common user
names by creating a pointer to which server or repository that user belongs to. In view
of this teaching, Examiner finds that the claim is obvious because one of ordinary skill could
have first recognized the potential for two users having a common user name and dealt
with it in the means taught by Friedrich.

Allowable Subject Matter 

Claims 50-53 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of 
the base claim and any intervening claims. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone 
number for the organization where this application or proceeding is assigned is 571-
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2431 
/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2431 



